American businesses weren’t very happy about a privacy bill that Rep. Rick Boucher announced in May.
The Interactive Advertising Bureau, for instance, said the Virginia Democrat’s draft legislation would have “major” effects on legitimate business practices.
Well, if they disliked the Boucher bill, they’re really going to loathe a new Democratic proposal that would slap even more extensive regulations on virtually any U.S. business.
A bill introduced Monday by Illinois Rep. Bobby Rush, chairman of a House consumer subcommittee, would levy fines of up to $5 million on businesses and individuals unless they abide by a complex set of new regulations to be administrated by the Federal Trade Commission. A hearing is scheduled for Thursday at 11 a.m. PT.
Rush’s bill applies to any “person” or business that stores personal information, including someone’s name, mailing address, e-mail address, and phone or tax number. That person must provide, if requested, “access to” information stored about others.
There is an exemption for small businesses, but not if they hold 15,000 or more names, e-mail addresses, or other personal information in their records. The language appears to be broad enough to apply to local retailers, small businessman like plumbers and carpenters, and even individuals who have a sufficient quantity of e-mail addresses on their PCs.
The 55-page measure arrives as companies’ data collection and use practices are being subjected to increasing scrutiny on Capitol Hill, in part because of high-profile privacy missteps by Facebook and Google that have attracted criticism from some politicians. While it’s unlikely that Rush’s proposal will become law this year–there’s precious little legislative time left before the November elections–a favorable welcome would give it considerable momentum for 2011.
Rush has a history of interest in these topics. He previously signaled interest in examining Web companies’ behavioral advertising practices and once threatened to hold hearings on the Google-DoubleClick merger, but never followed through. (He’s also been a foe of Net neutrality laws.)
“The Rush bill establishes a forward looking and flexible framework for protecting consumer privacy,” said Leslie Harris, president of the Center for Democracy and Technology, an advocacy group that receives funds from foundations and corporations. “It builds on the sound privacy principles set out in Rep. Boucher’s earlier draft and provides the robust set of fair information practices that CDT has called for it.”
Jim Harper, an attorney at the free-market Cato Institute, points out that Rush’s bill explicitly does not apply to the government. “It’s unbelievable that they should so brazenly exempt the federal government,” he said. “The federal government should be covered, as should political parties and campaign committees. Congress should practice what it preaches.”
Harper says it reminds him of James C. Scott’s book, “Seeing Like A State.” Governments and big corporations “radically simplify what they oversee to make it governable,” he said. “In things like forestry and agriculture, this has had devastating environmental effects because ecosystems don’t function when you eliminate the thousands of ‘illegible’ relationships and interactions. This is Seeing Like a State for the information economy.
Marc Rotenberg, director of the Electronic Privacy Information Center, said he had not yet had a chance to review the language. In general, he said, “I do think people should have enforceable privacy rights and I don’t think the industry can police itself.”
When Boucher circulated a draft of his proposal in early May, the reaction was nearly uniform: everyone hated it. Liberal special interest groups announced they were “disappointed” that Boucher didn’t slap even more regulations on Internet businesses. Free-market think tanks panned it for going too far. And industry groups said it was far too broad as currently drafted.
In some ways, the new Rush bill is narrower. It treats “sensitive” information including race, religion, and ethnicity as different from standard personal information. It generally keeps opt-out as a default. It lifts the number of records required to trigger the regulations from 5,000 to 15,000. It holds out the possibility of an FTC-approved safe harbor for some businesses that self-regulate.
On the other hand, Rush hopes to mandate new “physical safeguards” that apply to anyone holding 15,000 or more records, encourage civil litigation over possible violations, and impose new regulations such as saying business “shall retain such data only as long as necessary to fulfill a legitimate business purpose or comply with a legal requirement.”
The legislation is called the Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act, or BEST PRACTICES Act of 2010.
Declan McCullagh has covered the intersection of politics and technology for over a decade. E-mail Declan.
Topics:
Privacy,
Politics,
Policy,
Law,
Corporate and legal,
Advertising and marketing
Tags:
Rick Boucher,
Bobby Rush,
privacy
Share:
Digg
Del.icio.us
Reddit
Yahoo! Buzz
Facebook
Twitter
Recent posts from Privacy Inc.
New bill renews Internet privacy fight
End of gay teen Web site sparks privacy concerns
Toronto law firm preps Facebook privacy suit
White House drafting plan for cyberspace safety
Police push to continue warrantless cell tracking
ACLU fights N.C. quest for Amazon customer data
ACLU: FBI used ‘dragnet’-style warrantless cell tracking
FTC says current privacy laws aren’t working
Related
Police push to continue warrantless cell tracking
Congress weighs curbs on state ‘iTaxes’
Bill: China Net censorship could start trade war
Facebook’s privacy policies hit a language barrier
FTC says current privacy laws aren’t working
House votes to block Net porn on government PCs
Facebook boosts D.C. ranks with public policy hire
Amazon adds audio, video to Kindle iPhone app
ADD A COMMENT(Log in or register)
(3 Comments)
by ralph103 July 20, 2010 4:25 AM PDT
I read all this and I have to say, I’m not sure the government is competent enough to make laws
Like thisReply to this comment
by odubtaig July 20, 2010 4:58 AM PDT
Like a weak, watered down version of the UK Data Protection Act (which you’ll note doesn’t form any ‘cute’ acronyms).

Cue all the unfettered-free-market morons and their deliberate ignorance of the damage already caused by Google and Facebook’s laissez faire attitudes towards user privacy and, in Facebook’s case, security.

Remember, no-one (sane) would disagree that laws and police are needed to protect us from that small number of people out to hurt everyone else and businesses are run by people, some of whom don’t care who they hurt so long as it makes them rich. Arguing that we don’t need regulation is arguing that all businesses are run by entirely benevolent, saint-like people who don’t need keeping an eye on. As I’ve already pointed out, this is demonstrably untrue.
Like thisReply to this comment
by inachu July 20, 2010 5:18 AM PDT
If you have my name and address without my direct permission and you gleamed my info by trolling websites or by third party bulk people info then you need to ask my permission.

But it is ok as I troll with fake info about myself anyway.
I put out a craigslist personal ad once wanting to date a female in either the FBI or CIA and a woman
replied and tried to impress me with the information she had and I was not impressed at all.
So the date did not go foward. The sad part is the other posters above me are correct and that facebook is a data seller of user information
American businesses that weren’t very happy about privacy legislation that Rep. Rick Boucher announced a few months ago may be even less delighted with a 55-page bill introduced by a House subcommittee chairman. Read this blog post by Declan McCullagh on Privacy Inc..

Born in 1984, Facebook founder Mark Zuckerberg grew up in Dobbs Ferry, New York, the son of a dentist and a psychiatrist who left her profession to work in her husband's office. Zuckerberg launched ...

One can guess that Egypt’s Hosni Mubarak probably doesn’t “Like” Facebook anymore, the website that now topples governments. (I apologize but I couldn’t resist.) Back in the US the Facebook enemies or...

Several popular web sites agreed to participate on the first global-scale trial of IPv6, dubbed as the World IPv6 Day. This will take place on June 8, 2011. During this event, participants are require...